http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
index 55ec94e..c02ee70 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java
@@ -22,26 +22,26 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.Arrays; import org.apache.cxf.common.util.crypto.HmacUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { private byte[] key; private AlgorithmParameterSpec hmacSpec; - private String supportedAlgo; + private SignatureAlgorithm supportedAlgo; public HmacJwsSignatureVerifier(String encodedKey) { - this(JoseUtils.decode(encodedKey), JoseConstants.HMAC_SHA_256_ALGO); + this(JoseUtils.decode(encodedKey), SignatureAlgorithm.HS256); } - public HmacJwsSignatureVerifier(String encodedKey, String supportedAlgo) { + public HmacJwsSignatureVerifier(String encodedKey, SignatureAlgorithm supportedAlgo) { this(JoseUtils.decode(encodedKey), supportedAlgo); } - public HmacJwsSignatureVerifier(byte[] key, String supportedAlgo) { + public HmacJwsSignatureVerifier(byte[] key, SignatureAlgorithm supportedAlgo) { this(key, null, supportedAlgo); } - public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, String supportedAlgo) { + public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) { this.key = key; this.hmacSpec = spec; this.supportedAlgo = supportedAlgo; 
@@ -56,21 +56,21 @@ public class HmacJwsSignatureVerifier implements JwsSignatureVerifier { private byte[] computeMac(JoseHeaders headers, String text) { return HmacUtils.computeHmac(key, - Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())), + AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())), hmacSpec, text); } protected String checkAlgorithm(String algo) { if (algo == null - || !Algorithm.isHmacSign(algo) - || !algo.equals(supportedAlgo)) { + || !AlgorithmUtils.isHmacSign(algo) + || !algo.equals(supportedAlgo.getJwaName())) { throw new SecurityException(); } return algo; } @Override - public String getAlgorithm() { + public SignatureAlgorithm getAlgorithm() { return supportedAlgo; } }
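Review bot: `checkAlgorithm` now dereferences `supportedAlgo.getJwaName()`, so a verifier constructed with a null `SignatureAlgorithm` fails with a NullPointerException instead of the `SecurityException` that the old `algo.equals(supportedAlgo)` comparison produced. None of the constructors in the preceding hunk reject null, and the JwsUtils factories pass `SignatureAlgorithm.getAlgorithm(algo)` straight in; whether that lookup can return null for an unrecognised name is not visible in this diff. Consider rejecting it at construction in the three-argument constructor (whose body closes outside its hunk), e.g. `if (supportedAlgo == null) { throw new IllegalArgumentException("supportedAlgo"); }`, or add `|| supportedAlgo == null` ahead of the `getJwaName()` comparison. The same pattern appears in `PublicKeyJwsSignatureVerifier.checkAlgorithm`.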
http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java index b8f192b..14b654c 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java @@ -22,9 +22,9 @@ import java.security.interfaces.RSAPrivateKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; public class JwsCompactProducer { @@ -105,7 +105,7 @@ public class JwsCompactProducer { this.signature = sig; } private boolean isPlainText() { - return JoseConstants.PLAIN_TEXT_ALGO.equals(getAlgorithm()); + return AlgorithmUtils.PLAIN_TEXT_ALGO.equals(getAlgorithm()); } private String getAlgorithm() { return getJoseHeaders().getAlgorithm(); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java index 2b32d9a..ce9bf27 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java 
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonConsumer.java @@ -110,7 +110,7 @@ public class JwsJsonConsumer { } public boolean verifySignatureWith(JwsSignatureVerifier validator) { List<JwsJsonSignatureEntry> theSignatureEntries = - getSignatureEntryMap().get(validator.getAlgorithm()); + getSignatureEntryMap().get(validator.getAlgorithm().getJwaName()); if (theSignatureEntries != null) { for (JwsJsonSignatureEntry signatureEntry : theSignatureEntries) { if (signatureEntry.verifySignatureWith(validator)) { @@ -143,7 +143,7 @@ public class JwsJsonConsumer { for (JwsSignatureVerifier validator : validators) { boolean validated = false; List<JwsJsonSignatureEntry> theSignatureEntries = - getSignatureEntryMap().get(validator.getAlgorithm()); + getSignatureEntryMap().get(validator.getAlgorithm().getJwaName()); if (theSignatureEntries != null) { for (JwsJsonSignatureEntry sigEntry : theSignatureEntries) { if (sigEntry.verifySignatureWith(validator)) { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java index bd72a53..5620232 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsJsonProducer.java 
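Review bot: Both `JwsJsonConsumer` hunks now evaluate `validator.getAlgorithm().getJwaName()` before the map lookup, so a `JwsSignatureVerifier` whose `getAlgorithm()` returns null raises a NullPointerException in the middle of verification, where the old code only passed that value to `getSignatureEntryMap().get(...)`. Reading the algorithm into a local and treating null as "no entries for this verifier" keeps the outcome an explicit verification failure, for example `if (validator.getAlgorithm() == null) { return false; }` at the top of the single-verifier method. The multi-verifier loop in the second hunk needs the equivalent check. Both methods continue outside their hunks, so the exact failure path there should be confirmed against the full file.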
@@ -96,7 +96,7 @@ public class JwsJsonProducer { } public String signWith(JwsSignatureProvider signer) { JoseHeaders headers = new JoseHeaders(); - headers.setAlgorithm(signer.getAlgorithm()); + headers.setAlgorithm(signer.getAlgorithm().getJwaName()); return signWith(signer, headers); } public String signWith(JwsSignatureProvider signer, http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java index c6f60b9..9ca48cb 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureProvider.java @@ -19,10 +19,11 @@ package org.apache.cxf.rs.security.jose.jws; import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public interface JwsSignatureProvider { - String getAlgorithm(); + SignatureAlgorithm getAlgorithm(); byte[] sign(JoseHeaders headers, byte[] content); /** * Create a signature handler capable of updating the signature input (optional operation) http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java index 492c676..26f9597 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java 
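Review bot: `JwsSignatureProvider.getAlgorithm()` changes its return type to `SignatureAlgorithm` with no Javadoc stating the contract callers in this commit rely on: `JwsJsonProducer.signWith` and `JwsUtils` dereference the result with `.getJwaName()` unconditionally. Add a comment such as `/** Returns the signature algorithm this provider signs with; never null. */`, and the same on `JwsSignatureVerifier.getAlgorithm()` in the next file. The change is also source-incompatible for any implementation of either interface outside this module, which is worth a migration note if these are intended extension points.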
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsSignatureVerifier.java @@ -19,8 +19,9 @@ package org.apache.cxf.rs.security.jose.jws; import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public interface JwsSignatureVerifier { + SignatureAlgorithm getAlgorithm(); boolean verify(JoseHeaders headers, String unsignedText, byte[] signature); - String getAlgorithm(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java index 1e8e6d4..bca768a 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java @@ -37,7 +37,8 @@ import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseUtils; import org.apache.cxf.rs.security.jose.jaxrs.KeyManagementUtils; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; 
@@ -88,16 +89,16 @@ public final class JwsUtils { theSigProvider = getHmacSignatureProvider(key, rsaSignatureAlgo); } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) { theSigProvider = new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(jwk), - rsaSignatureAlgo); + SignatureAlgorithm.getAlgorithm(rsaSignatureAlgo)); } return theSigProvider; } public static JwsSignatureProvider getRSAKeySignatureProvider(RSAPrivateKey key, String algo) { - return new PrivateKeyJwsSignatureProvider(key, algo); + return new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo)); } public static JwsSignatureProvider getHmacSignatureProvider(byte[] key, String algo) { - if (Algorithm.isHmacSign(algo)) { - return new HmacJwsSignatureProvider(key, algo); + if (AlgorithmUtils.isHmacSign(algo)) { + return new HmacJwsSignatureProvider(key, SignatureAlgorithm.getAlgorithm(algo)); } return null; } @@ -113,16 +114,17 @@ public final class JwsUtils { byte[] key = JoseUtils.decode((String)jwk.getProperty(JsonWebKey.OCTET_KEY_VALUE)); theVerifier = getHmacSignatureVerifier(key, rsaSignatureAlgo); } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) { - theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk), rsaSignatureAlgo); + theVerifier = new EcDsaJwsSignatureVerifier(JwkUtils.toECPublicKey(jwk), + SignatureAlgorithm.getAlgorithm(rsaSignatureAlgo)); } return theVerifier; } public static JwsSignatureVerifier getRSAKeySignatureVerifier(RSAPublicKey key, String algo) { - return new PublicKeyJwsSignatureVerifier(key, algo); + return new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo)); } public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, String algo) { - if (Algorithm.isHmacSign(algo)) { - return new HmacJwsSignatureVerifier(key, algo); + if (AlgorithmUtils.isHmacSign(algo)) { + return new HmacJwsSignatureVerifier(key, SignatureAlgorithm.getAlgorithm(algo)); } return null; } 
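Review bot: `getRSAKeySignatureProvider` and `getRSAKeySignatureVerifier` convert the caller's string with `SignatureAlgorithm.getAlgorithm(algo)` and hand the result to the constructor unchecked, while the HMAC factories next to them first test `AlgorithmUtils.isHmacSign(algo)`; the EC branches in both hunks are unchecked in the same way. `SignatureAlgorithm.getAlgorithm` is not shown in this diff, so if it returns null for a name it does not recognise, the error surfaces only at the first sign or verify call rather than when the key configuration is loaded. A family guard before construction, e.g. `if (!AlgorithmUtils.isRsaSign(algo)) { throw new SecurityException(); }`, would make the factories consistent, assuming `isRsaSign` accepts every RSA name callers pass, including the PS384 name used in the cookbook test. The JWK-based methods that contain the EC branches start outside these hunks.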
@@ -146,7 +148,7 @@ public final class JwsUtils { } JwsSignatureProvider theSigProvider = loadSignatureProvider(m, props, headers, false); if (headers != null) { - headers.setAlgorithm(theSigProvider.getAlgorithm()); + headers.setAlgorithm(theSigProvider.getAlgorithm().getJwaName()); } return theSigProvider; } @@ -287,7 +289,7 @@ public final class JwsUtils { private static String getSignatureAlgo(Message m, Properties props, String algo, String defaultAlgo) { if (algo == null) { if (defaultAlgo == null) { - defaultAlgo = JoseConstants.RS_SHA_256_ALGO; + defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO; } return KeyManagementUtils.getKeyAlgorithm(m, props, JSON_WEB_SIGNATURE_ALGO_PROP, defaultAlgo); } @@ -295,11 +297,11 @@ public final class JwsUtils { } private static String getDefaultKeyAlgo(JsonWebKey jwk) { if (JsonWebKey.KEY_TYPE_OCTET.equals(jwk.getKeyType())) { - return JoseConstants.HMAC_SHA_256_ALGO; + return AlgorithmUtils.HMAC_SHA_256_ALGO; } else if (JsonWebKey.KEY_TYPE_ELLIPTIC.equals(jwk.getKeyType())) { - return JoseConstants.ES_SHA_256_ALGO; + return AlgorithmUtils.ES_SHA_256_ALGO; } else { - return JoseConstants.RS_SHA_256_ALGO; + return AlgorithmUtils.RS_SHA_256_ALGO; } } public static JwsCompactConsumer verify(JwsSignatureVerifier v, String content) { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java index 6226102..d442677 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureProvider.java 
@@ -19,12 +19,13 @@ package org.apache.cxf.rs.security.jose.jws; import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class NoneJwsSignatureProvider implements JwsSignatureProvider { @Override - public String getAlgorithm() { - return "none"; + public SignatureAlgorithm getAlgorithm() { + return SignatureAlgorithm.PLAIN; } @Override http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java index 99cb770..270234e 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java @@ -19,6 +19,7 @@ package org.apache.cxf.rs.security.jose.jws; import org.apache.cxf.rs.security.jose.JoseHeaders; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class NoneJwsSignatureVerifier implements JwsSignatureVerifier { @@ -28,8 +29,8 @@ public class NoneJwsSignatureVerifier implements JwsSignatureVerifier { } @Override - public String getAlgorithm() { - return "none"; + public SignatureAlgorithm getAlgorithm() { + return SignatureAlgorithm.PLAIN; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java ---------------------------------------------------------------------- 
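Review bot: Both `NoneJwsSignatureProvider` and `NoneJwsSignatureVerifier` replace the literal `"none"` with `SignatureAlgorithm.PLAIN`, and nothing visible in this commit pins `SignatureAlgorithm.PLAIN.getJwaName()` to that string. JwsJsonProducer writes the JWA name into the header and JwsJsonConsumer keys its signature-entry lookup on it, so a mismatch would change behaviour without a compile error; a one-line test such as `assertEquals("none", SignatureAlgorithm.PLAIN.getJwaName());` would guard it. Because the constant name no longer shows that this is the unsecured JWS algorithm, a class comment on the verifier along the lines of `/** Verifier for unsecured JWS ("none"); offers no integrity protection. */` would help. Its `verify` body is outside the hunk, so that wording should be checked against it.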
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java index 2f84f54..292ecf6 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PrivateKeyJwsSignatureProvider.java @@ -26,21 +26,22 @@ import java.security.spec.AlgorithmParameterSpec; import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider { private PrivateKey key; private SecureRandom random; private AlgorithmParameterSpec signatureSpec; - public PrivateKeyJwsSignatureProvider(PrivateKey key, String algo) { + public PrivateKeyJwsSignatureProvider(PrivateKey key, SignatureAlgorithm algo) { this(key, null, algo); } - public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, String algo) { + public PrivateKeyJwsSignatureProvider(PrivateKey key, AlgorithmParameterSpec spec, SignatureAlgorithm algo) { this(key, null, spec, algo); } public PrivateKeyJwsSignatureProvider(PrivateKey key, SecureRandom random, - AlgorithmParameterSpec spec, String algo) { + AlgorithmParameterSpec spec, SignatureAlgorithm algo) { super(algo); this.key = key; this.random = random; 
@@ -48,7 +49,7 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider } protected JwsSignature doCreateJwsSignature(JoseHeaders headers) { final Signature s = CryptoUtils.getSignature(key, - Algorithm.toJavaName(headers.getAlgorithm()), + AlgorithmUtils.toJavaName(headers.getAlgorithm()), random, signatureSpec); return doCreateJwsSignature(s); @@ -66,7 +67,7 @@ public class PrivateKeyJwsSignatureProvider extends AbstractJwsSignatureProvider } protected boolean isValidAlgorithmFamily(String algo) { - return Algorithm.isRsaSign(algo); + return AlgorithmUtils.isRsaSign(algo); } protected static class PrivateKeyJwsSignature implements JwsSignature { http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java index 70842cf..7e8fd80 100644 --- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java +++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/PublicKeyJwsSignatureVerifier.java 
@@ -24,17 +24,18 @@ import java.security.spec.AlgorithmParameterSpec; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.crypto.CryptoUtils; import org.apache.cxf.rs.security.jose.JoseHeaders; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { private PublicKey key; private AlgorithmParameterSpec signatureSpec; - private String supportedAlgo; + private SignatureAlgorithm supportedAlgo; - public PublicKeyJwsSignatureVerifier(PublicKey key, String supportedAlgorithm) { + public PublicKeyJwsSignatureVerifier(PublicKey key, SignatureAlgorithm supportedAlgorithm) { this(key, null, supportedAlgorithm); } - public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, String supportedAlgo) { + public PublicKeyJwsSignatureVerifier(PublicKey key, AlgorithmParameterSpec spec, SignatureAlgorithm supportedAlgo) { this.key = key; this.signatureSpec = spec; this.supportedAlgo = supportedAlgo; @@ -45,7 +46,7 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { return CryptoUtils.verifySignature(StringUtils.toBytesUTF8(unsignedText), signature, key, - Algorithm.toJavaName(checkAlgorithm(headers.getAlgorithm())), + AlgorithmUtils.toJavaName(checkAlgorithm(headers.getAlgorithm())), signatureSpec); } catch (Exception ex) { throw new SecurityException(ex); 
@@ -54,16 +55,16 @@ public class PublicKeyJwsSignatureVerifier implements JwsSignatureVerifier { protected String checkAlgorithm(String algo) { if (algo == null || !isValidAlgorithmFamily(algo) - || !algo.equals(supportedAlgo)) { + || !algo.equals(supportedAlgo.getJwaName())) { throw new SecurityException(); } return algo; } protected boolean isValidAlgorithmFamily(String algo) { - return Algorithm.isRsaSign(algo); + return AlgorithmUtils.isRsaSign(algo); } @Override - public String getAlgorithm() { + public SignatureAlgorithm getAlgorithm() { return supportedAlgo; } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java index 0b47927..68775fc 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwkJoseCookBookTest.java @@ -23,10 +23,11 @@ import java.util.List; import java.util.Map; import org.apache.cxf.helpers.IOUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; + import org.junit.Assert; import org.junit.Test; 
@@ -138,13 +139,13 @@ public class JwkJoseCookBookTest extends Assert { assertEquals(SIGN_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); assertEquals(SIGN_KID_VALUE, key.getKid()); assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - assertEquals(JoseConstants.HMAC_SHA_256_ALGO, key.getAlgorithm()); + assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm()); } private void validateSecretEncKey(JsonWebKey key) { assertEquals(ENCRYPTION_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); assertEquals(ENCRYPTION_KID_VALUE, key.getKid()); assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - assertEquals(JoseConstants.A256GCM_ALGO, key.getAlgorithm()); + assertEquals(AlgorithmUtils.A256GCM_ALGO, key.getAlgorithm()); } private void validatePublicRsaKey(JsonWebKey key) { assertEquals(RSA_MODULUS_VALUE, key.getProperty(JsonWebKey.RSA_MODULUS)); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java index 52088d8..c31ba44 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/cookbook/JwsJoseCookBookTest.java 
@@ -27,10 +27,10 @@ import javax.crypto.Cipher; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.helpers.IOUtils; import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; -import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.JoseHeaders; import org.apache.cxf.rs.security.jose.JoseHeadersReaderWriter; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; import org.apache.cxf.rs.security.jose.jwk.JwkUtils; @@ -354,7 +354,7 @@ public class JwsJoseCookBookTest { @Test public void testRSAv15Signature() throws Exception { JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD); - compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.RS_SHA_256_ALGO); + compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO); compactProducer.getJoseHeaders().setKeyId(RSA_KID_VALUE); JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), RSA_V1_5_SIGNATURE_PROTECTED_HEADER_JSON); 
@@ -370,35 +370,35 @@ public class JwsJoseCookBookTest { JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt"); List<JsonWebKey> publicKeys = publicJwks.getKeys(); JsonWebKey rsaPublicKey = publicKeys.get(1); - assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.RS_SHA_256_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO)); JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD); assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD); JoseHeaders protectedHeader = new JoseHeaders(); - protectedHeader.setAlgorithm(JoseConstants.RS_SHA_256_ALGO); + protectedHeader.setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO); protectedHeader.setKeyId(RSA_KID_VALUE); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.RS_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.RS_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.RS_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.RS_SHA_256_ALGO)); + 
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO)); } @Test public void testRSAPSSSignature() throws Exception { try { - Cipher.getInstance(Algorithm.PS_SHA_384_JAVA); + Cipher.getInstance(AlgorithmUtils.PS_SHA_384_JAVA); } catch (Throwable t) { Security.addProvider(new BouncyCastleProvider()); } JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD); - compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.PS_SHA_384_ALGO); + compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.PS_SHA_384_ALGO); compactProducer.getJoseHeaders().setKeyId(RSA_KID_VALUE); JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), RSA_PSS_SIGNATURE_PROTECTED_HEADER_JSON); 
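Review bot: The provider probe `Cipher.getInstance(AlgorithmUtils.PS_SHA_384_JAVA)` in `testRSAPSSSignature` asks the Cipher service for what appears to be a signature algorithm name, since the `toJavaName` results are passed to `CryptoUtils.getSignature` elsewhere in this commit. If that is the case the lookup fails on every JDK, BouncyCastle is always registered, and `catch (Throwable t)` hides why. Probing with `Signature.getInstance(AlgorithmUtils.PS_SHA_384_JAVA);` and catching `NoSuchAlgorithmException` would check the capability the test actually needs. The `Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA)` probe in `testECDSASignature` has the same problem.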
@@ -414,24 +414,24 @@ public class JwsJoseCookBookTest { JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt"); List<JsonWebKey> publicKeys = publicJwks.getKeys(); JsonWebKey rsaPublicKey = publicKeys.get(1); - assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.PS_SHA_384_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO)); JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD); assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD); JoseHeaders protectedHeader = new JoseHeaders(); - protectedHeader.setAlgorithm(JoseConstants.PS_SHA_384_ALGO); + protectedHeader.setAlgorithm(AlgorithmUtils.PS_SHA_384_ALGO); protectedHeader.setKeyId(RSA_KID_VALUE); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.PS_SHA_384_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_GENERAL_SERIALIZATION.length()); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.PS_SHA_384_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.PS_SHA_384_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.PS_SHA_384_ALGO), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_FLATTENED_SERIALIZATION.length()); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.PS_SHA_384_ALGO)); + 
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.PS_SHA_384_ALGO)); Security.removeProvider(BouncyCastleProvider.class.getName()); } @@ -439,13 +439,13 @@ public class JwsJoseCookBookTest { public void testECDSASignature() throws Exception { try { - Cipher.getInstance(Algorithm.ES_SHA_512_JAVA); + Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA); } catch (Throwable t) { Security.addProvider(new BouncyCastleProvider()); } try { JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD); - compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.ES_SHA_512_ALGO); + compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.ES_SHA_512_ALGO); compactProducer.getJoseHeaders().setKeyId(ECDSA_KID_VALUE); JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), @@ -456,7 +456,7 @@ public class JwsJoseCookBookTest { List<JsonWebKey> keys = jwks.getKeys(); JsonWebKey ecKey = keys.get(0); compactProducer.signWith(new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(ecKey), - JoseConstants.ES_SHA_512_ALGO)); + SignatureAlgorithm.ES512)); assertEquals(compactProducer.getUnsignedEncodedJws(), ECSDA_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD); assertEquals(132, Base64UrlUtility.decode(compactProducer.getEncodedSignature()).length); @@ -465,7 +465,7 @@ public class JwsJoseCookBookTest { JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt"); List<JsonWebKey> publicKeys = publicJwks.getKeys(); JsonWebKey ecPublicKey = publicKeys.get(0); - assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, JoseConstants.ES_SHA_512_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO)); } finally { Security.removeProvider(BouncyCastleProvider.class.getName()); } 
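Review bot: `Security.removeProvider(BouncyCastleProvider.class.getName())` passes the class name, but `Security.removeProvider` matches on the provider's registered name, so the BouncyCastle provider added at the top of these tests most likely stays installed for the rest of the JVM and can change which implementation later tests exercise. Use `Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);` instead. In `testRSAPSSSignature` the call is also not inside a `finally` block, unlike `testECDSASignature`, so a failed assertion skips the cleanup. These are unchanged context lines, but they sit in the test methods this commit edits.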
@@ -473,7 +473,7 @@ public class JwsJoseCookBookTest { @Test public void testHMACSignature() throws Exception { JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD); - compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); compactProducer.getJoseHeaders().setKeyId(HMAC_KID_VALUE); JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON); 
@@ -486,29 +486,29 @@ public class JwsJoseCookBookTest { assertEquals(compactProducer.getSignedEncodedJws(), HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + HMAC_SIGNATURE_VALUE); JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws()); - assertTrue(compactConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD); assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD); JoseHeaders protectedHeader = new JoseHeaders(); - protectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); protectedHeader.setKeyId(HMAC_KID_VALUE); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + 
assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); } @Test public void testDetachedHMACSignature() throws Exception { JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD); - compactProducer.getJoseHeaders().setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + compactProducer.getJoseHeaders().setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); compactProducer.getJoseHeaders().setKeyId(HMAC_KID_VALUE); JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter(); assertEquals(reader.toJson(compactProducer.getJoseHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON); 
@@ -521,25 +521,25 @@ public class JwsJoseCookBookTest { assertEquals(compactProducer.getSignedEncodedJws(true), DETACHED_HMAC_JWS); JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws(true), ENCODED_PAYLOAD); - assertTrue(compactConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(compactConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD); assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD); JoseHeaders protectedHeader = new JoseHeaders(); - protectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); protectedHeader.setKeyId(HMAC_KID_VALUE); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD); - assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), protectedHeader); + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD); - assertTrue(jsonConsumer.verifySignatureWith(key, 
JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); } @Test public void testProtectingSpecificHeaderFieldsSignature() throws Exception { 
@@ -547,27 +547,27 @@ public class JwsJoseCookBookTest { assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD); JoseHeaders protectedHeader = new JoseHeaders(); - protectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + protectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); JoseHeaders unprotectedHeader = new JoseHeaders(); unprotectedHeader.setKeyId(HMAC_KID_VALUE); JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt"); List<JsonWebKey> keys = jwks.getKeys(); JsonWebKey key = keys.get(0); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader, unprotectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), protectedHeader, unprotectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); } @Test public void testProtectingContentOnlySignature() throws Exception { 
@@ -575,31 +575,31 @@ public class JwsJoseCookBookTest { assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD); JoseHeaders unprotectedHeader = new JoseHeaders(); - unprotectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + unprotectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); unprotectedHeader.setKeyId(HMAC_KID_VALUE); JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt"); List<JsonWebKey> keys = jwks.getKeys(); JsonWebKey key = keys.get(0); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), null, unprotectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_CONTENT_ONLY_JSON_GENERAL_SERIALIZATION); JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); jsonProducer = new JwsJsonProducer(PAYLOAD, true); - jsonProducer.signWith(JwsUtils.getSignatureProvider(key, JoseConstants.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(key, AlgorithmUtils.HMAC_SHA_256_ALGO), null, unprotectedHeader); assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_CONTENT_ONLY_JSON_FLATTENED_SERIALIZATION); jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument()); - assertTrue(jsonConsumer.verifySignatureWith(key, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(key, AlgorithmUtils.HMAC_SHA_256_ALGO)); } @Test public void testMultipleSignatures() throws Exception { try { - Cipher.getInstance(Algorithm.ES_SHA_512_JAVA); + Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA); } catch (Throwable t) { Security.addProvider(new BouncyCastleProvider()); } 
@@ -608,22 +608,22 @@ public class JwsJoseCookBookTest { assertEquals(jsonProducer.getPlainPayload(), PAYLOAD); assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD); JoseHeaders firstSignerProtectedHeader = new JoseHeaders(); - firstSignerProtectedHeader.setAlgorithm(JoseConstants.RS_SHA_256_ALGO); + firstSignerProtectedHeader.setAlgorithm(AlgorithmUtils.RS_SHA_256_ALGO); JoseHeaders firstSignerUnprotectedHeader = new JoseHeaders(); firstSignerUnprotectedHeader.setKeyId(RSA_KID_VALUE); JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt"); List<JsonWebKey> keys = jwks.getKeys(); JsonWebKey rsaKey = keys.get(1); - jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, JoseConstants.RS_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, AlgorithmUtils.RS_SHA_256_ALGO), firstSignerProtectedHeader, firstSignerUnprotectedHeader); assertEquals(jsonProducer.getSignatureEntries().get(0).toJson(), FIRST_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES); JoseHeaders secondSignerUnprotectedHeader = new JoseHeaders(); - secondSignerUnprotectedHeader.setAlgorithm(JoseConstants.ES_SHA_512_ALGO); + secondSignerUnprotectedHeader.setAlgorithm(AlgorithmUtils.ES_SHA_512_ALGO); secondSignerUnprotectedHeader.setKeyId(ECDSA_KID_VALUE); JsonWebKey ecKey = keys.get(0); - jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, JoseConstants.ES_SHA_512_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, AlgorithmUtils.ES_SHA_512_ALGO), null, secondSignerUnprotectedHeader); assertEquals(new JoseHeadersReaderWriter().toJson( jsonProducer.getSignatureEntries().get(1).getUnprotectedHeader()), 
@@ -632,12 +632,12 @@ public class JwsJoseCookBookTest { SECOND_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES.length()); JoseHeaders thirdSignerProtectedHeader = new JoseHeaders(); - thirdSignerProtectedHeader.setAlgorithm(JoseConstants.HMAC_SHA_256_ALGO); + thirdSignerProtectedHeader.setAlgorithm(AlgorithmUtils.HMAC_SHA_256_ALGO); thirdSignerProtectedHeader.setKeyId(HMAC_KID_VALUE); JsonWebKeys secretJwks = readKeySet("cookbookSecretSet.txt"); List<JsonWebKey> secretKeys = secretJwks.getKeys(); JsonWebKey hmacKey = secretKeys.get(0); - jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, JoseConstants.HMAC_SHA_256_ALGO), + jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO), thirdSignerProtectedHeader); assertEquals(jsonProducer.getSignatureEntries().get(2).toJson(), THIRD_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES); @@ -649,9 +649,9 @@ public class JwsJoseCookBookTest { List<JsonWebKey> publicKeys = publicJwks.getKeys(); JsonWebKey rsaPublicKey = publicKeys.get(1); JsonWebKey ecPublicKey = publicKeys.get(0); - assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, JoseConstants.RS_SHA_256_ALGO)); - assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, JoseConstants.ES_SHA_512_ALGO)); - assertTrue(jsonConsumer.verifySignatureWith(hmacKey, JoseConstants.HMAC_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, AlgorithmUtils.RS_SHA_256_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, AlgorithmUtils.ES_SHA_512_ALGO)); + assertTrue(jsonConsumer.verifySignatureWith(hmacKey, AlgorithmUtils.HMAC_SHA_256_ALGO)); } finally { Security.removeProvider(BouncyCastleProvider.class.getName()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java index 50d8d3d..21a45ae 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java @@ -29,8 +29,9 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -84,8 +85,8 @@ public class JweCompactReaderWriterTest extends Assert { @BeforeClass public static void registerBouncyCastleIfNeeded() throws Exception { try { - Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA); - Cipher.getInstance(Algorithm.AES_CBC_ALGO_JAVA); + Cipher.getInstance(AlgorithmUtils.AES_GCM_ALGO_JAVA); + Cipher.getInstance(AlgorithmUtils.AES_CBC_ALGO_JAVA); } catch (Throwable t) { Security.addProvider(new BouncyCastleProvider()); } 
@@ -102,8 +103,8 @@ public class JweCompactReaderWriterTest extends Assert { byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3); AesWrapKeyEncryptionAlgorithm keyEncryption = - new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, Algorithm.A128KW.getJwtName()); - JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), + new AesWrapKeyEncryptionAlgorithm(cekEncryptionKey, KeyAlgorithm.A128KW); + JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, CONTENT_ENCRYPTION_KEY_A3, INIT_VECTOR_A3, keyEncryption); @@ -131,11 +132,11 @@ public class JweCompactReaderWriterTest extends Assert { JsonWebKey.EC_CURVE_P256, "Alice", "Bob", - Algorithm.A128GCM.getJwtName()); + ContentAlgorithm.A128GCM); String jweOutput = jweOut.encrypt("Hello".getBytes(), null); JweDecryptionProvider jweIn = - new EcdhDirectKeyJweDecryption(bobPrivateKey, Algorithm.A128GCM.getJwtName()); + new EcdhDirectKeyJweDecryption(bobPrivateKey, ContentAlgorithm.A128GCM); assertEquals("Hello", jweIn.decrypt(jweOutput).getContentText()); } @Test @@ -145,10 +146,10 @@ public class JweCompactReaderWriterTest extends Assert { RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1, RSA_PUBLIC_EXPONENT_ENCODED_A1); - KeyEncryptionAlgorithm keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey, - Algorithm.RSA_1_5.getJwtName()); + KeyEncryptionProvider keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey, + KeyAlgorithm.RSA_1_5); - JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), + JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, CONTENT_ENCRYPTION_KEY_A3, INIT_VECTOR_A3, keyEncryption); 
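Review bot: `KeyAlgorithm.RSA_1_5` is used in the -145,10 hunk with no comment on why this key-management mode was chosen; the `_A1`/`_A3` constant names suggest the test reproduces a specification example. RSAES-PKCS1-v1_5 key transport is the mode associated with padding-oracle weaknesses, and test code is often copied as a usage sample. I would add `// RSA1_5 only to match the spec vector; use KeyAlgorithm.RSA_OAEP for new code` above the `RSAKeyEncryptionAlgorithm` constructor call, and the same above the decryption side in the -157,7 hunk. The test method starts and ends outside this hunk.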
@@ -157,7 +158,7 @@ public class JweCompactReaderWriterTest extends Assert { RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, RSA_PRIVATE_EXPONENT_ENCODED_A1); KeyDecryptionAlgorithm keyDecryption = new RSAKeyDecryptionAlgorithm(privateKey, - Algorithm.RSA_1_5.getJwtName()); + KeyAlgorithm.RSA_1_5); JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption); String decryptedText = decryption.decrypt(jweContent).getContentText(); assertEquals(specPlainText, decryptedText); @@ -175,8 +176,8 @@ public class JweCompactReaderWriterTest extends Assert { byte[] cekEncryptionKey = Base64UrlUtility.decode(KEY_ENCRYPTION_KEY_A3); AesGcmWrapKeyEncryptionAlgorithm keyEncryption = - new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, JoseConstants.A128GCMKW_ALGO); - JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), + new AesGcmWrapKeyEncryptionAlgorithm(cekEncryptionKey, KeyAlgorithm.A128GCMKW); + JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, CONTENT_ENCRYPTION_KEY_A3, INIT_VECTOR_A3, keyEncryption); 
@@ -218,27 +219,28 @@ public class JweCompactReaderWriterTest extends Assert { String jwtKeyName = null; if (key == null) { // the encryptor will generate it - jwtKeyName = Algorithm.A128GCM.getJwtName(); + jwtKeyName = ContentAlgorithm.A128GCM.getJwaName(); } else { - jwtKeyName = Algorithm.toJwtName(key.getAlgorithm(), key.getEncoded().length * 8); + jwtKeyName = AlgorithmUtils.toJwaName(key.getAlgorithm(), key.getEncoded().length * 8); } - KeyEncryptionAlgorithm keyEncryptionAlgo = new RSAKeyEncryptionAlgorithm(publicKey, - Algorithm.RSA_OAEP.getJwtName()); - ContentEncryptionAlgorithm contentEncryptionAlgo = - new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, jwtKeyName); + KeyEncryptionProvider keyEncryptionAlgo = new RSAKeyEncryptionAlgorithm(publicKey, + KeyAlgorithm.RSA_OAEP); + ContentEncryptionProvider contentEncryptionAlgo = + new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, + ContentAlgorithm.getAlgorithm(jwtKeyName)); JweEncryptionProvider encryptor = new JweEncryption(keyEncryptionAlgo, contentEncryptionAlgo); return encryptor.encrypt(content.getBytes("UTF-8"), null); } private String encryptContentDirect(SecretKey key, String content) throws Exception { JweEncryption encryptor = new JweEncryption(new DirectKeyEncryptionAlgorithm(), - new AesGcmContentEncryptionAlgorithm(key, INIT_VECTOR_A1, JoseConstants.A128GCM_ALGO)); + new AesGcmContentEncryptionAlgorithm(key, INIT_VECTOR_A1, ContentAlgorithm.A128GCM)); return encryptor.encrypt(content.getBytes("UTF-8"), null); } private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception { RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, RSA_PRIVATE_EXPONENT_ENCODED_A1); - String algo = Cipher.getMaxAllowedKeyLength("AES") > 128 - ? JoseConstants.A256GCM_ALGO : JoseConstants.A128GCM_ALGO; + ContentAlgorithm algo = Cipher.getMaxAllowedKeyLength("AES") > 128 + ? 
ContentAlgorithm.A256GCM : ContentAlgorithm.A128GCM; JweDecryptionProvider decryptor = new JweDecryption(new RSAKeyDecryptionAlgorithm(privateKey), new AesGcmContentDecryptionAlgorithm(algo)); String decryptedText = decryptor.decrypt(jweContent).getContentText(); @@ -246,7 +248,7 @@ public class JweCompactReaderWriterTest extends Assert { } private void decryptDirect(SecretKey key, String jweContent, String plainContent) throws Exception { JweDecryption decryptor = new JweDecryption(new DirectKeyDecryptionAlgorithm(key), - new AesGcmContentDecryptionAlgorithm(JoseConstants.A128GCM_ALGO)); + new AesGcmContentDecryptionAlgorithm(ContentAlgorithm.A128GCM)); String decryptedText = decryptor.decrypt(jweContent).getContentText(); assertEquals(decryptedText, plainContent); } http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java index 0fcdece..5b1c9f3 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonConsumerTest.java @@ -25,8 +25,7 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.AfterClass; 
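Review bot: In the RSA encrypt helper of the -218,27 hunk `jwtKeyName` is still a `String`, so the new code converts `ContentAlgorithm.A128GCM` to its JWA name and then back through `ContentAlgorithm.getAlgorithm(jwtKeyName)`. Beyond the needless round trip, the lookup result goes straight into `AesGcmContentEncryptionAlgorithm`; if `getAlgorithm` returns null for a name it does not recognise (not visible here), the failure surfaces later and less clearly. Holding the enum directly is simpler: `ContentAlgorithm contentAlgo = key == null ? ContentAlgorithm.A128GCM : ContentAlgorithm.getAlgorithm(AlgorithmUtils.toJwaName(key.getAlgorithm(), key.getEncoded().length * 8));`, followed by an explicit null check before it is used. The helper's signature is outside the hunk.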
@@ -56,8 +55,8 @@ public class JweJsonConsumerTest extends Assert { @BeforeClass public static void registerBouncyCastleIfNeeded() throws Exception { try { - Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA); - Cipher.getInstance(Algorithm.AES_CBC_ALGO_JAVA); + Cipher.getInstance(AlgorithmUtils.AES_GCM_ALGO_JAVA); + Cipher.getInstance(AlgorithmUtils.AES_CBC_ALGO_JAVA); } catch (Throwable t) { Security.addProvider(new BouncyCastleProvider()); } @@ -72,7 +71,7 @@ public class JweJsonConsumerTest extends Assert { final String text = "The true sign of intelligence is not knowledge but imagination."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_OUTPUT, - JoseConstants.A128GCM_ALGO, + AlgorithmUtils.A128GCM_ALGO, JweJsonProducerTest.WRAPPER_BYTES1, null); } @@ -81,7 +80,7 @@ public class JweJsonConsumerTest extends Assert { final String text = "The true sign of intelligence is not knowledge but imagination."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_FLAT_OUTPUT, - JoseConstants.A128GCM_ALGO, + AlgorithmUtils.A128GCM_ALGO, JweJsonProducerTest.WRAPPER_BYTES1, null); } @@ -90,7 +89,7 @@ public class JweJsonConsumerTest extends Assert { final String text = "The true sign of intelligence is not knowledge but imagination."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_DIRECT_OUTPUT, - JoseConstants.A128GCM_ALGO, + AlgorithmUtils.A128GCM_ALGO, null, JweJsonProducerTest.CEK_BYTES); } @@ -99,7 +98,7 @@ public class JweJsonConsumerTest extends Assert { String text = "Live long and prosper."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, - JoseConstants.A128CBC_HS256_ALGO, + AlgorithmUtils.A128CBC_HS256_ALGO, null, JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3); } 
@@ -108,7 +107,7 @@ public class JweJsonConsumerTest extends Assert { String text = "Live long and prosper."; doTestSingleRecipient(text, JweJsonProducerTest.SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, - JoseConstants.A128CBC_HS256_ALGO, + AlgorithmUtils.A128CBC_HS256_ALGO, Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3), null); } @@ -118,8 +117,8 @@ public class JweJsonConsumerTest extends Assert { SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, "AES"); - JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, - JoseConstants.A128GCM_ALGO); + JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, + AlgorithmUtils.A128GCM_ALGO); JweJsonConsumer consumer = new JweJsonConsumer(JweJsonProducerTest.SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT); JweDecryptionOutput out = consumer.decryptWith(jwe); assertEquals(text, out.getContentText()); @@ -129,8 +128,8 @@ public class JweJsonConsumerTest extends Assert { public void testSingleRecipientAllTypeOfHeadersAndAadModified() { SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(JweJsonProducerTest.WRAPPER_BYTES1, "AES"); - JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, - JoseConstants.A128GCM_ALGO); + JweDecryptionProvider jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, + AlgorithmUtils.A128GCM_ALGO); JweJsonConsumer consumer = new JweJsonConsumer(SINGLE_RECIPIENT_ALL_HEADERS_AAD_MODIFIED_OUTPUT); try { consumer.decryptWith(jwe); 
@@ -148,7 +147,7 @@ public class JweJsonConsumerTest extends Assert { JweDecryptionProvider jwe = null; if (wrapperKeyBytes != null) { SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(wrapperKeyBytes, "AES"); - jwe = JweUtils.createJweDecryptionProvider(wrapperKey, JoseConstants.A128KW_ALGO, contentEncryptionAlgo); + jwe = JweUtils.createJweDecryptionProvider(wrapperKey, AlgorithmUtils.A128KW_ALGO, contentEncryptionAlgo); } else { SecretKey cekKey = CryptoUtils.createSecretKeySpec(cek, "AES"); jwe = JweUtils.getDirectKeyJweDecryption(cekKey, contentEncryptionAlgo); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java index 1fa0c9f..5e11159 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java @@ -28,8 +28,7 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.common.util.crypto.CryptoUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.AfterClass; 
@@ -147,8 +146,8 @@ public class JweJsonProducerTest extends Assert { @BeforeClass public static void registerBouncyCastleIfNeeded() throws Exception { try { - Cipher.getInstance(Algorithm.AES_GCM_ALGO_JAVA); - Cipher.getInstance(Algorithm.AES_CBC_ALGO_JAVA); + Cipher.getInstance(AlgorithmUtils.AES_GCM_ALGO_JAVA); + Cipher.getInstance(AlgorithmUtils.AES_CBC_ALGO_JAVA); } catch (Throwable t) { Security.addProvider(new BouncyCastleProvider()); } 
@@ -161,35 +160,35 @@ public class JweJsonProducerTest extends Assert { @Test public void testSingleRecipientGcm() throws Exception { final String text = "The true sign of intelligence is not knowledge but imagination."; - doTestSingleRecipient(text, SINGLE_RECIPIENT_OUTPUT, JoseConstants.A128GCM_ALGO, + doTestSingleRecipient(text, SINGLE_RECIPIENT_OUTPUT, AlgorithmUtils.A128GCM_ALGO, WRAPPER_BYTES1, JweCompactReaderWriterTest.INIT_VECTOR_A1, CEK_BYTES, false); } @Test public void testSingleRecipientDirectGcm() throws Exception { final String text = "The true sign of intelligence is not knowledge but imagination."; - doTestSingleRecipient(text, SINGLE_RECIPIENT_DIRECT_OUTPUT, JoseConstants.A128GCM_ALGO, + doTestSingleRecipient(text, SINGLE_RECIPIENT_DIRECT_OUTPUT, AlgorithmUtils.A128GCM_ALGO, null, JweCompactReaderWriterTest.INIT_VECTOR_A1, CEK_BYTES, false); } @Test public void testSingleRecipientDirectFlatGcm() throws Exception { final String text = "The true sign of intelligence is not knowledge but imagination."; - doTestSingleRecipient(text, SINGLE_RECIPIENT_DIRECT_FLAT_OUTPUT, JoseConstants.A128GCM_ALGO, + doTestSingleRecipient(text, SINGLE_RECIPIENT_DIRECT_FLAT_OUTPUT, AlgorithmUtils.A128GCM_ALGO, null, JweCompactReaderWriterTest.INIT_VECTOR_A1, CEK_BYTES, true); } @Test public void testSingleRecipientFlatGcm() throws Exception { final String text = "The true sign of intelligence is not knowledge but imagination."; - doTestSingleRecipient(text, SINGLE_RECIPIENT_FLAT_OUTPUT, JoseConstants.A128GCM_ALGO, + doTestSingleRecipient(text, SINGLE_RECIPIENT_FLAT_OUTPUT, AlgorithmUtils.A128GCM_ALGO, WRAPPER_BYTES1, JweCompactReaderWriterTest.INIT_VECTOR_A1, CEK_BYTES, true); } @Test public void testSingleRecipientA128CBCHS256() throws Exception { String text = "Live long and prosper."; - doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, JoseConstants.A128CBC_HS256_ALGO, + doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_OUTPUT, 
AlgorithmUtils.A128CBC_HS256_ALGO, Base64UrlUtility.decode(JweCompactReaderWriterTest.KEY_ENCRYPTION_KEY_A3), JweCompactReaderWriterTest.INIT_VECTOR_A3, JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3, @@ -198,7 +197,7 @@ public class JweJsonProducerTest extends Assert { @Test public void testSingleRecipientDirectA128CBCHS256() throws Exception { String text = "Live long and prosper."; - doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, JoseConstants.A128CBC_HS256_ALGO, + doTestSingleRecipient(text, SINGLE_RECIPIENT_A128CBCHS256_DIRECT_OUTPUT, AlgorithmUtils.A128CBC_HS256_ALGO, null, JweCompactReaderWriterTest.INIT_VECTOR_A3, JweCompactReaderWriterTest.CONTENT_ENCRYPTION_KEY_A3, @@ -212,7 +211,7 @@ public class JweJsonProducerTest extends Assert { final byte[] iv, final byte[] cek, boolean canBeFlat) throws Exception { - JweHeaders headers = new JweHeaders(JoseConstants.A128KW_ALGO, + JweHeaders headers = new JweHeaders(AlgorithmUtils.A128KW_ALGO, contentEncryptionAlgo); JweEncryptionProvider jwe = null; if (wrapperKeyBytes == null) { @@ -240,13 +239,13 @@ public class JweJsonProducerTest extends Assert { final String text = "The true sign of intelligence is not knowledge but imagination."; SecretKey wrapperKey = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES"); - JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO); + JweHeaders protectedHeaders = new JweHeaders(AlgorithmUtils.A128GCM_ALGO); JweHeaders sharedUnprotectedHeaders = new JweHeaders(); sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks"); JweEncryptionProvider jwe = JweUtils.createJweEncryptionProvider(wrapperKey, - JoseConstants.A128KW_ALGO, - JoseConstants.A128GCM_ALGO, + AlgorithmUtils.A128KW_ALGO, + AlgorithmUtils.A128GCM_ALGO, null); JweJsonProducer p = new JweJsonProducer(protectedHeaders, sharedUnprotectedHeaders, 
@@ -261,7 +260,7 @@ public class JweJsonProducerTest extends Assert { } }; JweHeaders recepientUnprotectedHeaders = new JweHeaders(); - recepientUnprotectedHeaders.setKeyEncryptionAlgorithm(JoseConstants.A128KW_ALGO); + recepientUnprotectedHeaders.setKeyEncryptionAlgorithm(AlgorithmUtils.A128KW_ALGO); String jweJson = p.encryptWith(jwe, recepientUnprotectedHeaders); assertEquals(SINGLE_RECIPIENT_ALL_HEADERS_AAD_OUTPUT, jweJson); } 
@@ -271,20 +270,20 @@ public class JweJsonProducerTest extends Assert { SecretKey wrapperKey1 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES1, "AES"); SecretKey wrapperKey2 = CryptoUtils.createSecretKeySpec(WRAPPER_BYTES2, "AES"); - JweHeaders protectedHeaders = new JweHeaders(JoseConstants.A128GCM_ALGO); + JweHeaders protectedHeaders = new JweHeaders(AlgorithmUtils.A128GCM_ALGO); JweHeaders sharedUnprotectedHeaders = new JweHeaders(); sharedUnprotectedHeaders.setJsonWebKeysUrl("https://server.example.com/keys.jwks"); - sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(JoseConstants.A128KW_ALGO); + sharedUnprotectedHeaders.setKeyEncryptionAlgorithm(AlgorithmUtils.A128KW_ALGO); List<JweEncryptionProvider> jweList = new LinkedList<JweEncryptionProvider>(); - KeyEncryptionAlgorithm keyEncryption1 = - JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, JoseConstants.A128KW_ALGO); - ContentEncryptionAlgorithm contentEncryption = - JweUtils.getContentEncryptionAlgorithm(JoseConstants.A128GCM_ALGO); + KeyEncryptionProvider keyEncryption1 = + JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, AlgorithmUtils.A128KW_ALGO); + ContentEncryptionProvider contentEncryption = + JweUtils.getContentEncryptionAlgorithm(AlgorithmUtils.A128GCM_ALGO); JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption); - KeyEncryptionAlgorithm keyEncryption2 = - JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, JoseConstants.A128KW_ALGO); + KeyEncryptionProvider keyEncryption2 = + JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, AlgorithmUtils.A128KW_ALGO); JweEncryptionProvider jwe2 = new JweEncryption(keyEncryption2, contentEncryption); jweList.add(jwe1); jweList.add(jwe2); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java ---------------------------------------------------------------------- 
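Review bot: The renamed declarations here read `KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(...)` and `ContentEncryptionProvider contentEncryption = JweUtils.getContentEncryptionAlgorithm(...)`, so the type says Provider while the factory name still says Algorithm. The same mismatch shows in the JwePbeHmacAesWrapTest hunks, where a `PbesHmacAesWrapKeyEncryptionAlgorithm` is assigned to a `KeyEncryptionProvider`. The factories are declared outside this page, so they may already be renamed elsewhere in the commit; if not, either rename them to match or document the return type at the call site, for example `// returns a KeyEncryptionProvider; the "Algorithm" in the factory name predates the rename`. These calls also still pass the string constant `AlgorithmUtils.A128KW_ALGO` while other call sites in this commit pass a typed value such as `KeyAlgorithm.PBES2_HS256_A128KW`; a typed parameter would reject an unsupported or misspelt algorithm name at compile time rather than inside key-wrap selection. The enclosing test method starts before this hunk and continues after it.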
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java index 5f721f5..2e1d942 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JwePbeHmacAesWrapTest.java @@ -20,8 +20,9 @@ package org.apache.cxf.rs.security.jose.jwe; import java.security.Security; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.After; @@ -42,9 +43,9 @@ public class JwePbeHmacAesWrapTest extends Assert { public void testEncryptDecryptPbesHmacAesWrapA128CBCHS256() throws Exception { final String specPlainText = "Live long and prosper."; final String password = "Thus from my lips, by yours, my sin is purged."; - KeyEncryptionAlgorithm keyEncryption = - new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO); - JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(Algorithm.A128CBC_HS256.getJwtName(), + KeyEncryptionProvider keyEncryption = + new PbesHmacAesWrapKeyEncryptionAlgorithm(password, KeyAlgorithm.PBES2_HS256_A128KW); + JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, keyEncryption); String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null); 
@@ -58,17 +59,17 @@ public class JwePbeHmacAesWrapTest extends Assert { public void testEncryptDecryptPbesHmacAesWrapAesGcm() throws Exception { final String specPlainText = "Live long and prosper."; JweHeaders headers = new JweHeaders(); - headers.setAlgorithm(JoseConstants.PBES2_HS256_A128KW_ALGO); - headers.setContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName()); + headers.setAlgorithm(AlgorithmUtils.PBES2_HS256_A128KW_ALGO); + headers.setContentEncryptionAlgorithm(ContentAlgorithm.A128GCM.getJwaName()); final String password = "Thus from my lips, by yours, my sin is purged."; - KeyEncryptionAlgorithm keyEncryption = - new PbesHmacAesWrapKeyEncryptionAlgorithm(password, JoseConstants.PBES2_HS256_A128KW_ALGO); + KeyEncryptionProvider keyEncryption = + new PbesHmacAesWrapKeyEncryptionAlgorithm(password, KeyAlgorithm.PBES2_HS256_A128KW); JweEncryptionProvider encryption = new JweEncryption(keyEncryption, - new AesGcmContentEncryptionAlgorithm(Algorithm.A128GCM.getJwtName())); + new AesGcmContentEncryptionAlgorithm(ContentAlgorithm.A128GCM)); String jweContent = encryption.encrypt(specPlainText.getBytes("UTF-8"), null); PbesHmacAesWrapKeyDecryptionAlgorithm keyDecryption = new PbesHmacAesWrapKeyDecryptionAlgorithm(password); JweDecryptionProvider decryption = new JweDecryption(keyDecryption, - new AesGcmContentDecryptionAlgorithm(JoseConstants.A128GCM_ALGO)); + new AesGcmContentDecryptionAlgorithm(ContentAlgorithm.A128GCM)); String decryptedText = decryption.decrypt(jweContent).getContentText(); assertEquals(specPlainText, decryptedText); http://git-wip-us.apache.org/repos/asf/cxf/blob/8d2b0180/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java ---------------------------------------------------------------------- 
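Review bot: In testEncryptDecryptPbesHmacAesWrapAesGcm the `headers` object is populated with the key and content algorithms, but the call is `encryption.encrypt(specPlainText.getBytes("UTF-8"), null)`, so within this hunk the values set on `headers` are never used. If the second argument of `encrypt` is the headers parameter, pass `headers` there so the test exercises them; otherwise drop the two setters. The test also names the key algorithm two ways, as the string `AlgorithmUtils.PBES2_HS256_A128KW_ALGO` on the header and as the enum `KeyAlgorithm.PBES2_HS256_A128KW` on the provider. `headers.setAlgorithm(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName());` would keep a single source for the identifier and match the `ContentAlgorithm.A128GCM.getJwaName()` call on the next line. The method's annotation and closing brace are outside the hunk.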
diff --git a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java index ba92742..6c0f243 100644 --- a/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java +++ b/rt/rs/security/jose/src/test/java/org/apache/cxf/rs/security/jose/jwk/JsonWebKeyTest.java @@ -25,8 +25,9 @@ import java.util.List; import java.util.Map; import org.apache.cxf.helpers.IOUtils; -import org.apache.cxf.rs.security.jose.JoseConstants; -import org.apache.cxf.rs.security.jose.jwa.Algorithm; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweCompactConsumer; import org.bouncycastle.jce.provider.BouncyCastleProvider; @@ -129,8 +130,9 @@ public class JsonWebKeyTest extends Assert { String encryptedKeySet = JwkUtils.encryptJwkSet(jwks, password.toCharArray()); JweCompactConsumer c = new JweCompactConsumer(encryptedKeySet); assertEquals("jwk-set+json", c.getJweHeaders().getContentType()); - assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm()); - assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm()); + assertEquals(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), c.getJweHeaders().getKeyEncryptionAlgorithm()); + assertEquals(ContentAlgorithm.A128CBC_HS256.getJwaName(), + c.getJweHeaders().getContentEncryptionAlgorithm()); assertNotNull(c.getJweHeaders().getHeader("p2s")); assertNotNull(c.getJweHeaders().getHeader("p2c")); jwks = JwkUtils.decryptJwkSet(encryptedKeySet, password.toCharArray()); 
@@ -153,8 +155,9 @@ public class JsonWebKeyTest extends Assert { String encryptedKey = JwkUtils.encryptJwkKey(jwk, password.toCharArray()); JweCompactConsumer c = new JweCompactConsumer(encryptedKey); assertEquals("jwk+json", c.getJweHeaders().getContentType()); - assertEquals(Algorithm.PBES2_HS256_A128KW.getJwtName(), c.getJweHeaders().getKeyEncryptionAlgorithm()); - assertEquals(Algorithm.A128CBC_HS256.getJwtName(), c.getJweHeaders().getContentEncryptionAlgorithm()); + assertEquals(KeyAlgorithm.PBES2_HS256_A128KW.getJwaName(), c.getJweHeaders().getKeyEncryptionAlgorithm()); + assertEquals(ContentAlgorithm.A128CBC_HS256.getJwaName(), + c.getJweHeaders().getContentEncryptionAlgorithm()); assertNotNull(c.getJweHeaders().getHeader("p2s")); assertNotNull(c.getJweHeaders().getHeader("p2c")); jwk = JwkUtils.decryptJwkKey(encryptedKey, password.toCharArray()); @@ -181,13 +184,13 @@ public class JsonWebKeyTest extends Assert { assertEquals(AES_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); assertEquals(AES_KID_VALUE, key.getKid()); assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - assertEquals(JoseConstants.A128KW_ALGO, key.getAlgorithm()); + assertEquals(AlgorithmUtils.A128KW_ALGO, key.getAlgorithm()); } private void validateSecretHmacKey(JsonWebKey key) { assertEquals(HMAC_SECRET_VALUE, key.getProperty(JsonWebKey.OCTET_KEY_VALUE)); assertEquals(HMAC_KID_VALUE, key.getKid()); assertEquals(JsonWebKey.KEY_TYPE_OCTET, key.getKeyType()); - assertEquals(JoseConstants.HMAC_SHA_256_ALGO, key.getAlgorithm()); + assertEquals(AlgorithmUtils.HMAC_SHA_256_ALGO, key.getAlgorithm()); } private void validatePublicRsaKey(JsonWebKey key) { 
@@ -195,7 +198,7 @@ public class JsonWebKeyTest extends Assert {
 assertEquals(RSA_PUBLIC_EXP_VALUE, key.getProperty(JsonWebKey.RSA_PUBLIC_EXP));
 assertEquals(RSA_KID_VALUE, key.getKid());
 assertEquals(JsonWebKey.KEY_TYPE_RSA, key.getKeyType());
- assertEquals(JoseConstants.RS_SHA_256_ALGO, key.getAlgorithm());
+ assertEquals(AlgorithmUtils.RS_SHA_256_ALGO, key.getAlgorithm());
 }
 private void validatePrivateRsaKey(JsonWebKey key) {
 validatePublicRsaKey(key);
